gnutls -- multiple certificate verification issues

Details

VuXML ID

f645aa90-a3e8-11e3-a422-3c970e169bc2

Discovery

2014-03-03

Entry

2014-03-04

Modified

2014-04-30

GnuTLS project reports:

A vulnerability was discovered that affects the
certificate verification functions of all gnutls
versions. A specially crafted certificate could
bypass certificate validation checks. The
vulnerability was discovered during an audit of
GnuTLS for Red Hat.

Suman Jana reported a vulnerability that affects
the certificate verification functions of
gnutls 2.11.5 and later versions. A version 1
intermediate certificate will be considered as
a CA certificate by default (something that
deviates from the documented behavior).